Skip to content

implement derive_into for scrypt #13794

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
alex merged 1 commit into from
Nov 3, 2025
Merged

implement derive_into for scrypt #13794

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions CHANGELOG.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,8 +48,9 @@ Changelog
* Added ``derive_into`` methods to
:class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`,
:class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDFExpand`,
:class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id`, and
:class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC` to allow
:class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id`,
:class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC`, and
:class:`~cryptography.hazmat.primitives.kdf.scrypt.Scrypt` to allow
deriving keys directly into pre-allocated buffers.
* Added ``encrypt_into`` methods to
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESCCM`,
Expand Down
32 changes: 30 additions & 2 deletions docs/hazmat/primitives/key-derivation-functions.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -418,13 +418,40 @@ Scrypt
:raises TypeError: This exception is raised if ``key_material`` is not
``bytes``.
:raises cryptography.exceptions.AlreadyFinalized: This is raised when
:meth:`derive` or
:meth:`derive`,
:meth:`derive_into`, or
:meth:`verify` is
called more than
once.

This generates and returns a new key from the supplied password.

.. method:: derive_into(key_material, buffer)

.. versionadded:: 47.0.0

:param key_material: The input key material.
:type key_material: :term:`bytes-like`
:param buffer: A writable buffer to write the derived key into. The
buffer must be equal to the length supplied in the
constructor.
:type buffer: :term:`bytes-like`
:return int: the number of bytes written to the buffer.
:raises ValueError: This exception is raised if the buffer length does
not match the specified ``length``.
:raises TypeError: This exception is raised if ``key_material`` or
``buffer`` is not ``bytes``.
:raises cryptography.exceptions.AlreadyFinalized: This is raised when
:meth:`derive`,
:meth:`derive_into`, or
:meth:`verify` is
called more than
once.

This generates a new key from the supplied password and writes it into
the provided buffer. This is useful when you want to avoid allocating
new memory for the derived key.

.. method:: verify(key_material, expected_key)

:param bytes key_material: The input key material. This is the same as
Expand All @@ -436,7 +463,8 @@ Scrypt
derived key does not match
the expected key.
:raises cryptography.exceptions.AlreadyFinalized: This is raised when
:meth:`derive` or
:meth:`derive`,
:meth:`derive_into`, or
:meth:`verify` is
called more than
once.
Expand Down
1 change: 1 addition & 0 deletions src/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ class Scrypt:
backend: typing.Any = None,
) -> None: ...
def derive(self, key_material: Buffer) -> bytes: ...
def derive_into(self, key_material: Buffer, buffer: Buffer) -> int: ...
def verify(self, key_material: bytes, expected_key: bytes) -> None: ...

class Argon2id:
Expand Down
71 changes: 57 additions & 14 deletions src/rust/src/backend/kdf.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,50 @@ struct Scrypt {
used: bool,
}

impl Scrypt {
#[cfg(not(CRYPTOGRAPHY_IS_LIBRESSL))]
fn derive_into_buffer(
&mut self,
py: pyo3::Python<'_>,
key_material: &[u8],
output: &mut [u8],
) -> CryptographyResult<usize> {
if self.used {
return Err(exceptions::already_finalized_error());
}
self.used = true;

if output.len() != self.length {
return Err(CryptographyError::from(
pyo3::exceptions::PyValueError::new_err(format!(
"buffer must be {} bytes",
self.length
)),
));
}

openssl::pkcs5::scrypt(
key_material,
self.salt.as_bytes(py),
self.n,
self.r,
self.p,
(usize::MAX / 2).try_into().unwrap(),
output,
)
.map_err(|_| {
// memory required formula explained here:
// https://blog.filippo.io/the-scrypt-parameters/
let min_memory = 128 * self.n * self.r / (1024 * 1024);
CryptographyError::from(pyo3::exceptions::PyMemoryError::new_err(format!(
"Not enough memory to derive key. These parameters require {min_memory}MB of memory."
)))
})?;

Ok(self.length)
}
}

#[pyo3::pymethods]
impl Scrypt {
#[new]
Expand Down Expand Up @@ -214,26 +258,25 @@ impl Scrypt {
}
}

#[cfg(not(CRYPTOGRAPHY_IS_LIBRESSL))]
fn derive_into(
&mut self,
py: pyo3::Python<'_>,
key_material: CffiBuf<'_>,
mut buf: CffiMutBuf<'_>,
) -> CryptographyResult<usize> {
self.derive_into_buffer(py, key_material.as_bytes(), buf.as_mut_bytes())
}

#[cfg(not(CRYPTOGRAPHY_IS_LIBRESSL))]
fn derive<'p>(
&mut self,
py: pyo3::Python<'p>,
key_material: CffiBuf<'_>,
) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
if self.used {
return Err(exceptions::already_finalized_error());
}
self.used = true;

Ok(pyo3::types::PyBytes::new_with(py, self.length, |b| {
openssl::pkcs5::scrypt(key_material.as_bytes(), self.salt.as_bytes(py), self.n, self.r, self.p, (usize::MAX / 2).try_into().unwrap(), b).map_err(|_| {
// memory required formula explained here:
// https://blog.filippo.io/the-scrypt-parameters/
let min_memory = 128 * self.n * self.r / (1024 * 1024);
pyo3::exceptions::PyMemoryError::new_err(format!(
"Not enough memory to derive key. These parameters require {min_memory}MB of memory."
))
})
Ok(pyo3::types::PyBytes::new_with(py, self.length, |output| {
self.derive_into_buffer(py, key_material.as_bytes(), output)?;
Ok(())
})?)
}

Expand Down
26 changes: 26 additions & 0 deletions tests/hazmat/primitives/test_scrypt.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -233,3 +233,29 @@ def test_invalid_r(self, backend):
def test_invalid_p(self, backend):
with pytest.raises(ValueError):
Scrypt(b"NaCl", 64, 2, 8, 0, backend)

def test_derive_into(self, backend):
scrypt = Scrypt(b"NaCl", 64, 1024, 8, 16, backend)
buf = bytearray(64)
n = scrypt.derive_into(b"password", buf)
assert n == 64
# Verify the output matches what derive would produce
scrypt2 = Scrypt(b"NaCl", 64, 1024, 8, 16, backend)
expected = scrypt2.derive(b"password")
assert buf == expected

@pytest.mark.parametrize(
("buflen", "outlen"), [(63, 64), (65, 64), (32, 64), (128, 64)]
)
def test_derive_into_buffer_incorrect_size(self, buflen, outlen, backend):
scrypt = Scrypt(b"NaCl", outlen, 1024, 8, 16, backend)
buf = bytearray(buflen)
with pytest.raises(ValueError, match="buffer must be"):
scrypt.derive_into(b"password", buf)

def test_derive_into_already_finalized(self, backend):
scrypt = Scrypt(b"NaCl", 64, 1024, 8, 16, backend)
buf = bytearray(64)
scrypt.derive_into(b"password", buf)
with pytest.raises(AlreadyFinalized):
scrypt.derive_into(b"password", buf)
Loading